CVE-2025-53597 - Vulnerability Details - OpenCVE

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

We have already fixed the vulnerability in the following version: License Center 2.0.36 and later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-25-52

History

Fri, 02 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 02 Jan 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later
Title		License Center
Weaknesses		CWE-121
References		https://www.qnap.com/en/security-advisory/qsa-25-52
Metrics		cvssV4_0 `{'score': 1.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2026-01-02T15:18:41.520Z

Updated: 2026-01-02T19:11:27.286Z

Reserved: 2025-07-04T01:08:32.757Z

Link: CVE-2025-53597

Vulnrichment

Updated: 2026-01-02T19:11:22.349Z

NVD

Status : Awaiting Analysis

Published: 2026-01-02T16:16:59.727

Modified: 2026-01-02T16:45:26.640

Link: CVE-2025-53597

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-121

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-53597", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2025-07-04T01:08:32.757Z", "datePublished": "2026-01-02T15:18:41.520Z", "dateUpdated": "2026-01-02T19:11:27.286Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "License Center", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "2.0.36", "status": "affected", "version": "2.0.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "coral"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.<br><br>We have already fixed the vulnerability in the following version:<br>License Center 2.0.36 and later<br>"}], "value": "A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 2.0.36 and later"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 1.2, "baseSeverity": "LOW", "exploitMaturity": "UNREPORTED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2026-01-02T15:18:41.520Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-52"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>License Center 2.0.36 and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nLicense Center 2.0.36 and later"}], "source": {"advisory": "QSA-25-52", "discovery": "EXTERNAL"}, "title": "License Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-02T19:11:15.317248Z", "id": "CVE-2025-53597", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T19:11:27.286Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53597", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-02T19:11:15.317248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T19:11:22.349Z"}}], "cna": {"title": "License Center", "source": {"advisory": "QSA-25-52", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "coral"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "License Center", "versions": [{"status": "affected", "version": "2.0.x", "lessThan": "2.0.36", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nLicense Center 2.0.36 and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>License Center 2.0.36 and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-52"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 2.0.36 and later", "supportingMedia": [{"type": "text/html", "value": "A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.<br><br>We have already fixed the vulnerability in the following version:<br>License Center 2.0.36 and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2026-01-02T15:18:41.520Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53597", "state": "PUBLISHED", "dateUpdated": "2026-01-02T19:11:27.286Z", "dateReserved": "2025-07-04T01:08:32.757Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2026-01-02T15:18:41.520Z", "assignerShortName": "qnap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 2.0.36 and later"}], "id": "CVE-2025-53597", "lastModified": "2026-01-02T16:45:26.640", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.2, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2026-01-02T16:16:59.727", "references": [{"source": "security@qnapsecurity.com.tw", "url": "https://www.qnap.com/en/security-advisory/qsa-25-52"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}